800xA High Integrity – FGS and BMS Applications
Luis M. Duran, Product Marketing Manager Safety Systems, February 2012
© ABB Group February 27, 2012 | Slide 1
Content
800xA High Integrity Overview
Fire & Gas Systems
Burner Management Systems
Safety Standards and BMS
Conclusions
Access to information… seamlessly and in context
Thanks to a Common Operation Environment… Operator can take timely action
Monitor the Process and respond to Abnormal Conditions
Protection is implemented in multiple layers
(Layer diagram; the layers are labelled SIL 0-1, SIL 2, SIL 3 and SIL 2.)
System 800xA HI – Integrated Safety
Customer value of integration – available today
Same operations interface and engineering
Common system therefore reduced spare parts, training etc…
Process control and safety running in separate controllers
Common, integrated asset management strategy
(Diagram labels: Centralized Historian and Data Archiving; Plant-wide Sequence of Events.)
800xA High Integrity – SIL3 Certified
Certificate
SIL3 Certified
Also NFPA certified for F&G and BMS
800xA High Integrity – Diverse Architecture, Diverse Implementation
The SIL 3 800xA High Integrity controller (AC800M HI) has parallel processing paths based on diverse technology
Integrity voting between paths complements the built-in active diagnostics
Controller and Supervision Module developed by diverse (different) teams (Vasteras and Malmo, Sweden) and tested by a third team (Oslo, Norway) by people with different backgrounds
The two channel architecture meets SIL3 requirements for hardware fault detection and reaction
(Diagram labels: PM, CB, SM, AC800M HI SIL3, Safety I/O SIL3; architectures 1oo1D and 1oo2D.)
IEC61508-2 Table 3 (SIL reachable by safe failure fraction, SFF, and hardware fault tolerance, HFT):
  SFF (%)    HFT 0        HFT 1
  < 60       not allowed  SIL 1
  60 - 90    SIL 1        SIL 2
  90 - 99    SIL 2        SIL 3
  > 99       SIL 3        SIL 4
What do you mean Diversity? – Example of Embedded Diversity
Software diversity in logic solver (PM865 & SM811)
Embedded Diversity offers a significant contribution to overall system integrity.
i.e. to execute the same logic on / in diverse ways / software layers:
  Different operating systems
  Different base software
  Different un-packing procedures
  Different development and testing teams with different background in several locations
  Etc…
What do you mean Diversity? – More on Embedded Diversity
Hardware diversity in S800 High Integrity I/O modules
Each IO module has two diverse execution paths based on different hardware technology, MCU and FPGA respectively
Each individual single IO module has an internal 1oo2 architecture
AC800M High Integrity – Redundant Controller Configuration
(Diagram labels: SM811, BC810, PM865, Redundant I/O, TB840, Optical Modulebus, RCU Link, CEX bus.)
Security – System Security And Embedded Firewalls
Provides functions for protection of SIL classified applications in AC800M HI Controllers
  SIL Access Control and Authorization
  Force Control / Override Control / Bypass Management
  Confirmed Online Write / Confirmed Operation
Embedded firewalls and confirmation procedures protect the SIL application from inadvertent / accidental control actions
More Efficient and Effective Troubleshooting – Safety relevant information is readily available
Alarms, Events, Audit Trail, and SOE displays for root cause analysis
Real-time information
Standard functionality for inhibiting of specific safety functions
Status supervision of Safety System Elements
Flexible Report Creation and Scheduling
Valve Leak Test, Verification, Automatic Shutdown Reporting, SIL status
Installed Base – Installations Across The Globe
ABB's intimate knowledge of and experience from all conceivable locations, environments and applications directly benefits end-users
With more than 30 years on the market the installed base is spread across
…more than 55 countries…
…on all continents and across all regions…
…and all traditional safety systems industry segments such as oil & gas, petrochemical and chemical industries…
…as well as more non-traditional safety systems industry segments such as pulp & paper, semiconductor and minerals & mining facilities.
More than 3,000 controllers sold since initial release in January 2005
"Reducing risk where it is needed…"
Fire and Gas Systems
Fire & Gas System – F&G – Main Industries
Offshore Industry
Marine
Refineries
Oil plants
Gas treatment plants
Petrochemicals
Chemicals
Electrical Power Industry
Fire & Gas System – F&G – Application Characteristics
Designed to provide monitoring, warning and mitigation in case of detection of smoke, gas discharge or breakout of fire
Detection – Automatic detection of presence of smoke or fire by monitoring smoke, heat, flame, light or other products of combustion
Announcement – Audible and/or visual warning by means of sounders, flashing light, public addressing system or similar
Containment – Preventing or reducing spread of fire and smoke to adjacent areas in a building/plant
Extinguishment – Utilization of fire fighting equipment and media such as water, foam, CO2 etc.
Fire & Gas System – F&G – System Configuration Example
(Diagram labels: Living Quarters, Control Room, Local Fire Alarm System, Serial communication link, HVAC, Addressable fire detection loop, Sprinkler, Gas Processing.)
Fire & Gas System – F&G – Typical Functional Requirements
Usually divided into fire areas by geographical location
  Hierarchical structure
  Overview display
  Detailed presentation of each detector with detailed status information
  All alarms and overrides presented in one display
Inhibits and override functionality
  Specific detectors or a group
Manual activation from call points in the field or by operator release commands from the control room
Voting mechanisms used on input channels to avoid spurious trips
  1oo2, 2oo3, 2ooN
Communication possibilities with addressable F&G stations
Safety Integrity Level
  Typically SIL2
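The MooN voting listed above, as an added example written for this page and not ABB library code: a voter for one group of detector channels that handles faulted channels explicitly. The channel states, the fault-degradation policy and the fail-safe rule for a fully faulted group are constructed assumptions.

```python
from enum import Enum


class Ch(Enum):
    """State of one detector channel as seen by the voter (constructed model)."""
    NORMAL = "normal"
    ALARM = "alarm"
    FAULT = "fault"   # detector or loop diagnostic failure: excluded from the vote


def parse_moon(spec, n_channels):
    """Parse '1oo2', '2oo3' or '2ooN' into (m, n); 'N' binds to the channel count."""
    m_txt, n_txt = spec.lower().split("oo")
    m = int(m_txt)
    n = n_channels if n_txt == "n" else int(n_txt)
    if n != n_channels or not 1 <= m <= n:
        raise ValueError(f"{spec} does not fit {n_channels} channels")
    return m, n


def vote(spec, channels, degrade_on_fault=True):
    """Return (trip, reason) for one voting group.

    Faulted channels leave the pool. With degrade_on_fault the required count drops
    with them (2oo3 becomes 1oo2 after one fault), which keeps the protection
    available; without it the count stays fixed, so faults can only mask a trip.
    A group with no healthy channel left trips, i.e. fails safe (assumed policy)."""
    m, n = parse_moon(spec, len(channels))
    faults = sum(c is Ch.FAULT for c in channels)
    alarms = sum(c is Ch.ALARM for c in channels)
    healthy = n - faults
    if healthy == 0:
        return True, "all channels faulted: fail-safe trip"
    m_eff = max(1, m - faults) if degrade_on_fault else m
    if healthy < m_eff:
        # Worth an alarm of its own: the group can no longer trip at all
        return False, f"{healthy} healthy channel(s) cannot satisfy {m_eff}oo{n}: group unavailable"
    if alarms >= m_eff:
        return True, f"{alarms} of {healthy} healthy channels in alarm ({m_eff}oo{healthy})"
    return False, f"{alarms} of {healthy} healthy channels in alarm, {m_eff} needed"
```

A single spurious alarm in a 2oo3 group does not trip, while the same alarm beside a faulted channel does once the group has degraded to 1oo2.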
Fire & Gas System – F&G – 800xA HI – Safety Certified Libraries
Supervision Library
  Detector input
  System control and monitoring
  Output handling
  Overview presentation
Fire & Gas Library
  Modules for monitoring and control of protection systems
    CO2
    Deluge
    Sprinkler
  Overview presentation
Libraries enable significant savings during engineering
Override functionality built into the modules to supervise the use of Force, Inhibit, Disable, and Manual Mode
Fire & Gas System – F&G – 800xA HI – Operator Display
(Screenshot: "Platform Overview" display with area tags L11, L12, L13, M10, M11, M12, M21, M22, M23, D11 and a FIRE indication.)
Displays organized in hierarchy levels
  1. Site overview display (the top level display)
  2. At least one level of group of areas
  3. Area detail displays (the bottom level)
Not only the condition of the detectors but also the physical location
Fire & Gas System – F&G – 800xA HI – Display Structure
(Tree diagram: Site overview at the top, Group overviews below it, Area overviews below each group, and a Detector faceplate at the bottom.)
Fire & Gas System – F&G – 800xA HI – Application Structure
Fire & Gas System – F&G – 800xA HI – More Key Benefits
Easy integration of addressable fire & gas systems
  Built-in Control Modules for certified serial communication
High Integrity Instrumentation
  Wide range of SIL-rated TÜV Certified ABB sensors and valve positioners
  Instruments: Pressure (2600T series), Temperature (TH series), Flow (Coriolis), Positioners (TZID-C)
Burner Management Systems
BMS – Main Industries
Power Generation
Thermal Power Plants
District Heating
Pulp & Paper
Petrochemicals
Chemical Plants
Etc…
Burner Management System – BMS – Application Characteristics
Designed to prevent explosions
Improve plant operation by providing safe and reliable...
  Start-up (Continuous demand)
  Operation (Low demand)
  Process and emergency shutdowns
From a simple to complex, multi-burner process-fired heater unit or power generation boiler
Different Fuel Types
Applicable Standards: IEC61508, EN298, NFPA 85
Burner Management System – BMS – Typical Functionality
Purge Commence Confirmation - Requirements
  Drum Level Ok, All Burner Valves Ok, Control Energies Ok, Fuel Systems Healthy, Oxygen Analyzer Healthy, All Igniter Systems Off, No Flame Detected
Preventing Unburned Fuel Entering Furnace
  Monitoring of Valve Positions
  Flame Monitoring (On-line)
  Oxygen Analyzer Monitoring (On-line)
Emergency Shutdowns / Trips
  Activate inerting System
  De-energize all ignition sources and valves
  Manage fans (depending on cause of trip)
Monitor Start-Up Sequence
  Purge Completed → Leak Check of Fuel System → Start Igniter / Burner
Monitor Shut-Down Sequence (Reverse of Start-Up)
Burner Management System – BMS – Typical Trip Causes
Master Fuel Trip (MFT)
  Fuel System Problem
  Combustion Air Flow Low
  Loss of fans
  Excessive furnace pressure
  All fuel inputs zero
  Loss of flame
  Manual trip switch activated
Igniter Trip
  Loss of igniter flame
  Igniter fuel pressure unstable
Burner Trip
  Loss of burner flame
  Burner valves out of position
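The purge permissives, start-up sequence and trip causes from the two preceding slides, as an added example written for this page and not ABB library code: a small BMS interlock model that refuses to advance without its permissives, pre-empts any step with an active trip cause, and carries out the trip actions listed. The signal names, the trip-class effects and the reset-to-IDLE rule are constructed assumptions.

```python
from dataclasses import dataclass, field

# Permissives, trip causes and the start-up order are the slide's lists; the key
# names, what each trip class does and the reset rule are assumptions.
PURGE_PERMISSIVES = ("drum_level_ok", "all_burner_valves_ok", "control_energies_ok",
                     "fuel_systems_healthy", "o2_analyzer_healthy",
                     "all_igniters_off", "no_flame_detected")
TRIP_CAUSES = {  # cause -> trip class
    "fuel_system_problem": "MFT", "combustion_air_flow_low": "MFT",
    "loss_of_fans": "MFT", "excessive_furnace_pressure": "MFT",
    "all_fuel_inputs_zero": "MFT", "loss_of_flame": "MFT", "manual_trip": "MFT",
    "loss_of_igniter_flame": "IGNITER", "igniter_fuel_pressure_unstable": "IGNITER",
    "loss_of_burner_flame": "BURNER", "burner_valves_out_of_position": "BURNER"}
SEQUENCE = ("IDLE", "PURGE", "LEAK_CHECK", "IGNITER", "BURNER", "RUNNING")


@dataclass
class Bms:
    state: str = "IDLE"
    ignition: bool = False
    fuel_valves: bool = False
    inerting: bool = False
    fans: bool = True
    events: list = field(default_factory=list)  # stands in for the SOE / audit trail

    def missing_permissives(self, status):
        """Purge-commence permissives not yet satisfied; purge may start only if empty."""
        return [p for p in PURGE_PERMISSIVES if not status.get(p, False)]

    def advance(self, status):
        """Take the next start-up step in order; an active trip cause pre-empts it
        and a missing purge permissive blocks it."""
        active = [c for c in TRIP_CAUSES if status.get(c, False)]
        if active:
            return self.trip(active[0])
        if self.state == "RUNNING":
            return self.state
        nxt = SEQUENCE[SEQUENCE.index(self.state) + 1]
        if nxt == "PURGE" and self.missing_permissives(status):
            self.events.append(f"purge refused: {self.missing_permissives(status)}")
            return self.state
        if nxt == "IGNITER":
            self.ignition = True
        if nxt == "BURNER":
            self.fuel_valves = True
        self.state = nxt
        self.events.append(f"step {nxt}")
        return nxt

    def trip(self, cause):
        """De-energise all ignition sources and valves; a Master Fuel Trip also
        activates inerting and manages the fans (kept for the post-trip purge
        unless the cause was the fans themselves, an assumed policy)."""
        kind = TRIP_CAUSES[cause]
        self.ignition = False
        self.fuel_valves = False
        if kind == "MFT":
            self.inerting = True
            self.fans = cause != "loss_of_fans"
        self.state = "IDLE"  # a fresh purge is required before any restart (assumed)
        self.events.append(f"{kind} trip: {cause}")
        return self.state
```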
Burner Management System – BMS – Typical Functional Requirements
Enable quick response to operational conditions through easy access to information during all sequence steps
Enable maintenance and test procedures without compromising process safety
Bypass management
  Controlled access to bypasses, normally prohibited
Monitoring and Proof Testing
  Valve Stroke Test
  Verification of integrity of instrumented functions
Safety Integrity Level
  SIL2 or SIL3
  Have you performed a Safety Assessment?
Burner Management System – BMS – 800xA HI – Example System Configuration
(Diagram labels: Operator Workplace, Workplace, Emergency Off Pushbutton, AC800M HI as BMS Controller, AC800M as DCS Controller.)
Boiler Management System – BMS – 800xA HI – More Key Benefits
Easy Implementation
  IEC 61131-3 supported languages
  Supported Languages          SIL2   SIL3
  Function Block               Yes    Yes
  Structured Text              Yes    Yes
  Sequential Function Chart    Yes    No
  SupervisionBasicLib
Display Structure
  Shutdown System Overview through standard graphic elements
  Flexible display design to reduce time to decision and action
Bypass management and Forced Control
Sequence of Events
Information Management for safety
  Shutdown reports
  Valve operation reports
Asset Optimization for monitoring
Safety Standards and BMS
Evolution of Safety Standards
(Timeline figure, 1974 to 2005, running from prescriptive standards to performance standards; recoverable labels:)
International: IEC SC 65 (1995 draft), IEC 61508 (1999), ISO 10418 (1993), IEC 61511 (2003)
Germany: DIN VDE 0801, DIN VDE 19250 (1989, 1991)
UK: HSE PES (1987)
USA: OSHA CFR 1910.119 (1992), API RP14C (1974), ISA dS84.01 (1995 draft), ANSI/ISA S84.01 (1996), ANSI/ISA S84.00.01 (IEC 61511 Mod) (2004)
Major accidents marked on the timeline: 1974 Flixborough, 1976 Seveso, 1984 Bhopal, 1986 Chernobyl, 1988 Piper Alpha, 1989 Pasadena
BMS Standards – Prescriptive
Prescribe materials, procedures and methods, focusing on the constructive characteristics of the resulting system, usually not stating explicitly any system goals or objectives
Tell us what to do
NFPA 85 (Boiler and Combustion Systems Hazards Code)
API 556 (Instrumentation and Control Systems for Fired Heaters and Steam Generators)
FM 7605 (Approval Standard for PLC Based Burner Management Systems)
BLRBAC recommended good practices
BMS Standards – Performance-based
State goals and objectives to be achieved, and methods or procedures to demonstrate that the resulting system meets the goals and objectives
Tell us how to proceed
IEC 61508
IEC 61511/ISA 84.00.01
Pros and Cons – Prescriptive Standards
Benefits
  Easy to apply (must follow rules)
  Usually cheap (do not require HRA etc.)
  Certainty about compliance (do's or don'ts)
  User decisions are limited
  No commitment regarding tolerable risk levels
Problems
  Lack of flexibility to introduce new technologies and innovations
  Safety problems may be overlooked if not considered by the standard
  Usually the time variable is not considered
  User decisions are limited
  Does not give directions on safety system integrity
Pros and Cons – Performance-based standards
Benefits
  Flexibility (many systems can be built which solve a given problem)
  Thorough coverage of risks (by risk analysis methods)
  Maintenance and testing considered in calculations
  Provide a validation target
  Requires justification of decisions based on objective information
Problems
  More difficult and expensive to implement (HRA, FSMS, tests, etc.)
  Demonstration of safety level achieved may be expensive too
  Requires justification of decisions based on objective information
  Requires user decision about risk tolerance (!)
What do experts say…?
"Independency Consideration for BMS and BCS" (D. Lee, paper presented at ISA 2006)
  "Physical separation of logic solvers does not ensure a safe logic design."
  "Product listing or labeling does not ensure a safe system design."
  "Designer's responsibility to consider all possible failure modes and effect that each failure have on the integrity of the logic system, the safety of the unit being protected and the safety of the plant personnel"
What do experts say…?
"Industry update: Safety Instrumented Burner Management Systems" (M. Scott, paper presented at ISA 2004)
  "Burner Management Systems […] are all defined SIS if they contain sensors, a logic solver and a final control element according to ANSI/ISA 84.01."
  "FM Approval Standard 7605 requires that PLC based BMS must comply with IEC 61508."
  "A BMS can be designed that meets all requirements of the prescriptive standards such as NFPA 85 or 86 and yet will NOT satisfy the requirements of a SIS."
"Is a BMS a SIS?" (M. Scott, ISA webinar, 2007)
  "A BMS is a SIS if the risk analysis determines that additional risk reduction is required and a SIL 1 or greater is assigned to a BMS SIF"
Conclusion
It's possible to provide a true integrated control and safety system while maintaining functional independence between process control and safety control
Diversity reduces common cause failures, even in the integrated environment
800xA High Integrity software libraries simplify the implementation of Fire and Gas Systems
ABB's broad product portfolio and partnership enable a comprehensive F&G solution
800xA High Integrity is certified against multiple safety standards including NFPA 85 and 86
Safety Standards moved from Prescriptive to Performance-based
NFPA 85 is Prescriptive but allows alternative ways to determine risk and risk reduction using ISA84/IEC61511
Questions & Answers
Is the "Integration" part of the Certification Process?
Absolutely, it's Interference Free
(Diagram: PPA Operation Client and Engineering Client on the Control Network; High Integrity Controller with PM865, SM811, BC810 and CI854, CEX-bus interconnection, Modulebus, Optical Modulebus, SM811 Synchronization link (RJ45), RCU link and Profibus; High Integrity I/O with TB840, AI880, DI880 and DO880. Legend: Safety certified, Safety relevant, Interference-free.)
Engineering – SIL Compliant Application Environment
The engineering tool, the Control Builder M, will automatically limit user configuration choices to ensure integrity
Safety functions protect and control download to the process and runtime environment
Download is prevented unless all SIL requirements are met
Embedded firewall mechanisms include
  CRC protection on different levels
  Double code generation with comparison
  Compiler with revalidation
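As an added example written for this page (not Control Builder M code, and not ABB's image format, which the slide does not describe), a download gate that models two of the mechanisms just listed: CRC protection at two levels (per code block and over the chain of block CRCs) and comparison of two independently generated images, plus a SIL check before download. The image layout, SAMPLE_CODE and the SIL rule are constructed assumptions.

```python
import zlib
from dataclasses import dataclass


@dataclass
class AppImage:
    name: str
    sil: int            # SIL the application is declared for
    blocks: list        # (payload bytes, crc32) per code block: first CRC level
    image_crc: int      # CRC over the chain of block CRCs: second CRC level


# Constructed stand-in for two generated code blocks of a BMS application.
SAMPLE_CODE = [b"IF flame_lost THEN mft := TRUE; END_IF", b"purge_time := T#300s"]


def chain_crc(blocks):
    """CRC32 over all block CRCs, so a swapped, missing or extra block is caught too."""
    return zlib.crc32(b"".join(crc.to_bytes(4, "big") for _, crc in blocks))


def build_image(name, sil, payloads):
    """Attach both CRC levels to a list of generated code blocks."""
    blocks = [(p, zlib.crc32(p)) for p in payloads]
    return AppImage(name, sil, blocks, chain_crc(blocks))


def check_crcs(img):
    """Return integrity findings; an empty list means both CRC levels verify."""
    findings = [f"block {i}: payload does not match its CRC"
                for i, (p, crc) in enumerate(img.blocks) if zlib.crc32(p) != crc]
    if chain_crc(img.blocks) != img.image_crc:
        findings.append("block chain does not match image CRC")
    return findings


def download_allowed(gen1, gen2, controller_sil):
    """Gate the download: both independently generated images must verify and agree
    on every block CRC, and the controller's SIL must cover the application's."""
    reasons = [f"gen1 {f}" for f in check_crcs(gen1)] + [f"gen2 {f}" for f in check_crcs(gen2)]
    if [c for _, c in gen1.blocks] != [c for _, c in gen2.blocks]:
        reasons.append("double code generation disagrees: compiler output not trusted")
    if gen1.sil > controller_sil:
        reasons.append(f"SIL{gen1.sil} application exceeds SIL{controller_sil} controller")
    return not reasons, reasons
```

A block whose payload was altered after CRC generation fails at the first level, while a dropped block passes every block CRC and is only caught by the image-level chain CRC.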
Grandfather clause (ISA S84.00.01)
"For existing SIS designed and constructed in accordance with codes, standards, or practices prior to the issue of this standard (e.g., ANSI/ISA-84.01-1996), the owner/operator shall determine that the equipment is designed, maintained, inspected, tested, and operating in a safe manner"
It would imply…
  Risk analysis to be done
  Verification that existing systems adequately address the defined risk level
  Documentation of conclusions and decisions
  Review and upgrade system (if needed)